From: Douglas E. Engert on


On 7/26/2010 3:17 PM, Mark Pilant wrote:
>
> I built and configured samba-4.0.0alpha11 on a RedHat Enterprise
> Linux 5 system to run as a domain controller in a Windows 2008
> Server R2 domain. While looking at the various Kerberos exchanges
> I discovered SAMBA 4 did not follow RFC 4757 for the TGS-REP
> exchange, and yet was able to successfully interact with the
> Windows system. I would like to understand what is happening.

Can you be more specific in what it did not do?

Have you read [MS-KILE]: Kerberos Protocol Extensions:
http://msdn.microsoft.com/en-us/library/cc233855(PROT.13).aspx

It was last updated 7/16/2010

>
> - Mark

--

Douglas E. Engert <DEEngert(a)anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Mark Pilant on
> Can you be more specific in what it did not do?

It isn't so much what it did not do, but what it was able to do; it worked.

RFC 4757 specifies a message type (key usage) number of 8 should be used
for a TGS-REP response with an authenticator subkey. However, SAMBA and
Windows use 9. I would like to understand why.

> Have you read [MS-KILE]: Kerberos Protocol Extensions:

Yes, and [MS-PAC].

- Mark
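
Added example, not part of the original thread and not Samba or Windows code: a sketch of the RFC 4757 (non-export) RC4-HMAC construction showing how the key usage number is mixed into the derived keys, so a blob sealed with usage 9 fails the integrity check under usage 8. The function names, the sample key and the sample plaintext are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def _hmac_md5(key, data):
    return hmac.new(key, data, hashlib.md5).digest()

def _rc4(key, data):
    # Plain RC4: key schedule, then keystream XOR.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_hmac_encrypt(key, usage, plaintext, confounder=None):
    # K1 = HMAC-MD5(K, usage as 4-byte little-endian integer)
    k1 = _hmac_md5(key, struct.pack("<I", usage))
    body = (confounder or os.urandom(8)) + plaintext
    checksum = _hmac_md5(k1, body)      # integrity tag over confounder + data
    k3 = _hmac_md5(k1, checksum)        # per-message RC4 key
    return checksum + _rc4(k3, body)

def rc4_hmac_decrypt(key, usage, blob):
    k1 = _hmac_md5(key, struct.pack("<I", usage))
    checksum, ciphertext = blob[:16], blob[16:]
    body = _rc4(_hmac_md5(k1, checksum), ciphertext)
    if not hmac.compare_digest(_hmac_md5(k1, body), checksum):
        raise ValueError("integrity check failed (wrong key or key usage)")
    return body[8:]                     # strip the 8-byte confounder

def find_usage(key, blob, candidates=(8, 9)):
    # Report which candidate key usage number the blob verifies under.
    for usage in candidates:
        try:
            rc4_hmac_decrypt(key, usage, blob)
            return usage
        except ValueError:
            continue
    return None
```

With a known key, `find_usage` tells you which usage number a captured encrypted part was actually sealed with.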